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TABLE OF CONTENTS 



This brief contains these items under the following 
headings, and in the order set forth below: 

37 C.F.R. 41.37c(l) 



(i) REAL PARTY IN INTEREST 

(ii) RELATED APPEALS AND INTERFERENCES 

(iii) . STATUS OF CLAIMS 

(iv) STATUS OF AMENDMENTS 

(v) SUMMARY OF CLAIMED SUBJECT MATTER 

(vi) GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

(vii) ARGUMENTS 

(viii) APPENDIX OF CLAIMS INVOLVED IN THE APPEAL 

(ix) EVIDENCE APPENDIX 

(x) RELATED PROCEEDINGS APPENDIX 



The final page of this brief bears the practitioner's 
signature . 

(3) REAL PARTY IN INTEREST 

The real party in interest in this appeal is 
International Business Machines Corporation, Armonk, New 
York. 
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(4) RELATED APPEALS AND INTERFERENCES 



No appeals or interferences will directly affect, or be 
directly affected by, or have a bearing on the Board's 
decision in this appeal. 

(5) STATUS OF CLAIMS 

A. TOTAL NUMBER OF CLAIMS IN APPLICATION 

Claims in the application are: 1-15 

B. STATUS OF ALL THE CLAIMS 

1. Claims canceled: 8, 11, 12, 14 

2. Claims withdrawn from 
onsideration but not 

canceled: None 

3. ' Claims pending: 1-7, 9-10, 13, 15 

4. Claims allowed: None 
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5. Claims rejected: 1-7, 9-10, 13, 15 

C. CLAIMS ON APPEAL 

The claims on appeal are: 1-7, 9-10, .13, 15 



(6) STATUS OF AMENDMENTS 

The status of any amendment filed subsequent to the 
final rejection is, insofar as understood by appellant, as 
follows: 

No amendment has been filed subsequent to the final 
rejection, dated 10 Oct 2006, 

(7) SUMMARY OF CLAIMED SUBJECT MATTER 

In general, with reference to applicant's Figures 6, 10 
and 11, applicant's invention as set forth in claims 3-7, 9, 
13 and 15 is directed to controlling access to rooms in 
collaboration space. The rooms include! a place (or root 
room 201) and a plurality of additional rooms 202, 203, 204, 
210 (these are subrooms, with each subroom also being a 
place in collaboration space) linked in a hierarchical 
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structure by a double linked construct (forward pointers 
205, 209 and reverse pointers 206, 207, 208,- and 211)., with 
access control on the root room, or place, 201, on each 
subroom 202, 203, 204, 210, and on the forward pointers 209- 
(Fig. 11, readers field 214) between them' which, in 
combination, support increased, decreased, and maintained 
(the same) access to a subroom 210 as that allowed on its 
parent room 204, and that access at any level of authority 
to a subroom 202, 203, 204, 210 is enabled only for those 
authorized to access the root room 201, together with a 
third access control 214 provided on forward pointers 209 to 
control whether the link to a child room 210 will be enabled 
at its parent room 204 for a specific user 215. When 
displaying a parent room 201, 204 to a user, the only child 
room links displayed are those for which that user is 
identified in the readers field 214 on forward pointers 205, 
209. 

For claim 1, applicant's invention is directed to a 
collaboration space (Figure 8, 191; Figure 10) created as a 
web site (Page 55, lines 6-15) by a user at a browser 
(Figure 6, 101) including a plurality of rooms (Figure 10, 
201, 202, 203, 204, 210; page 48, lines 2-5) in a 
hierarchical structure (page 19, lines 16-17) with access 
control list (page 52, lines 4-6; page 55, lines 2-9) 
control on rooms (201, 202, 203, 204, 210) and access 
control list (Figure 11, 214) control on forward pointers 
(Figures 10 and 11, 209) to child rooms (Figure 10, 210), 
comprising: 
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said web site (105-108; page 6, lines 1-9; page 30, 
lines 1-11) including a place comprising a plurality of 
subrooms, each subroom being an independent entity 
belonging to said place (Figure 7 , 172; page 52, lines 
14-18) , 

said place (191) having a first data note (members 
195 for main room 201) including a directory of 
members (195) of said place and 

each subroom (202, 203, 204, 210) within said 
place having a data note (195, for subrooms 202, 
etc.) associated therewith containing an access 
control list of members (195) selected exclusively 
from said directory of members (195, for main room 
201) by a member of said place having manager 
authority with respect to said subroom for 
specifying users of said place authorized to 
access said subroom (page 48, line 2 to page 49, 
line 1 ) ; 

forward (Figure 10, 205, 209) and reverse pointers 
(Figure 10, 206, 207, 208, 211) for linking said 
subrooms, each said forward pointer (Figure 11, 209) to 
a child room (210) including indicia (212) identifying 
said child room, indicia (213) specifying the address 
location of the entity forming said child room, and a 
readers field (214) for providing access control list 
(215, 216) control on said forward pointer (209) (page 
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49, line 19 to page 50, line 9) ; 



said readers field (214) being a members object (Figure 
8, 195) for identifying those members of said subset of 
members of said place authorized to access a parent 
subroom (204) that are also authorized to access a 
child subroom (210) and for each member of said subset 
of members a level (216) of authorization; 

a document readers field for a document containing data 
in said subroom being a members object for identifying 
a subset of members of said place authorized to access 
a subroom who are also authorized to access' said 
document (page 49, lines 1-18); and 

said collaboration space comprising a hierarchy of 
rooms (Fig. 10, 201, 202, 203, 204, 210), each room- 
being a place (Fig. 8, 191) in collaboration space 
including said directory of members (195); said 
directory of members (195), said access control list of 
members (Contacts . nsf) , and said readers field (214) 
selectively providing increased, decreased, and 
maintained access to a child place in collaboration ■ 
space, with access at any level of authority to a child 
place enabled only for those authorized to access a 
corresponding parent place, and whether a link (209) to 
a child place (210) will be enabled for a specific user 
(215) in its corresponding parent place (204) (page 48, 
line 1 to page 50, line 9) . 
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Claim 10 varies from the above in that it is directed 
to the creation of a child room. This includes initially 
providing in a readers access field (195) for a child room 
created from a form those users identified in a form access 
list identifying users authorized to read rooms (such as 
202) created from that form (page 49, lines 3-9); and 
limiting reader access in the readers access field (195, for 
subroom 210) to the child room (210) for a specific user to 
no more than the access granted that specific user in the 
first access control list (195, for main room 201) (page 49, 
lines 9-12) . 

Claim 3 varies from claims 9, 13, and 15 by not 
specifically reciting the displaying of a parent room, which 
limitation is included in its dependent claim 7. 



(8) GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 



Claims 1-7, 9-10, 13, 15 stand rejected under 35 U.S.C. 
103 as obvious over Salas et al (Salas, U.S. Patent 
6,233,600) in view of Maurille (U.S. Patent 6,484,196) and 
further. in view of Cutler et al. (Cutler, U.S. Patent 
5, 129, 083) . 
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(9) ARGUMENT 



Rejection of Claims 1-7, 9-10,13, and 15 Under 35 U.S.C. 103 



Rejection of Claims 3-7, 9, 13 and 15 Under 35 U.S.C. 103 



Claims 3-7, 9, 13, and 15 have been rejected under 35 
U.S.C. 103(a) over Salas et al (Salas, U.S. Patent 
6,233,600) in view of Maurille (U.S. Patent 6,484,196) and 
further in view of Cutler et al. (U.S. Patent 5,129,083). 



Applicant argues that the Examiner has not satisfied 
the burden for establishing a prima facie case of 
obviousness, which requires that the Examiner provides 

1. one or more references 

2. that were available to the inventor and 

3 . that teach 

4. a suggestion to combine or modify the references, 

5. the combination or modification of which would 
appear to be sufficient to have made the claimed 
invention obvious to one of ordinary skill in the 
art . 
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With respect to the third element (that the references 
"teach") , it is not enough that the prior art references 
disclose all the claimed elements in isolation. Rather, as 
stated by the Federal Circuit, a prior art reference must 
disclose the' elements of the claimed invention "arranged as 
in the claim." The Examiner, further, must identify the 
elements of the. claims of the application, determine their 
meaning in light of the specification and prosecution 
history, and identify the corresponding elements disclosed 
in the reference. [See Lindermann Maschinenf abrik GmbH v. 
American Hoist & Derrick Co., 221 USPQ 481, 485 (Fed. Cir. 
1984) This case dealt with anticipation under 35 U.S.C. 
102, but the principle applies here as well] . Further, 
references do not teach when the prior art is lacking or 
missing a specific feature or structure of the claimed 
invention. [See Continental Can Co. USA v. Monsanto Co., 20. 
USPQ 2d 1746, 1748 (Fed. Cir. 1991)]. 

The proper approach to the obviousness issue must start 
with the claimed invention as a whole. It is true that it 
consists of a combination of old elements so arranged as to 
perform certain related functions. It is immaterial to the 
issue, however, that all of the elements were old in other 
contexts. What must be found obvious to defeat the patent 
is the claimed combination. [Kimberly-Clark Corp. v. 
Johnson & Johnson, 745 F.2d 1437, 223 USPQ 60-3, 609-10 
(Fed. Cir. 1984) . ] 
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Applicant will show that several of the elements in the 
claims alleged by the Examiner to be taught by the 
references are, in fact, not taught when properly 
considered, and that when considered as a whole, the cited 
art references do not teach the claimed combination. 

The fourth element of the prima facie case, the 
suggestion to combine, must come from the prior art. It is 
insufficient to establish obviousness that the separate, 
elements of the invention existed in the prior art, absent 
some teaching or suggestion, in the prior art, to combine 
the elements. That a claimed invention may employ known 
principles does not itself establish that the invention 
would have been obvious, particularly where those principles 
are employed to deal with different problems. The Examiner 
must consider the claim as a whole, and not piece together 
the claimed invention using the claims as a guide. The 
Federal Circuit has stated: "[o]ne cannot use hindsight 
reconstruction to pick and choose among isolated disclosures 
in the prior art to deprecate the claimed invention. [See 
In re Fritch, 23 USPQ 2d 1780, 1784 (Fed. Cir. 1992)]. 

It is insufficient to establish obviousness that the 
separate elements of the invention existed in the prior art, 
absent some teaching or suggestion, in the. prior art, to 
combine the elements. [See Arkie Lures, Inc. v. Gene Larew 
Tackle, Inc., 43 USPQ 2d 1294 (Fed. Cir.' 1997)]. That a 
claimed invention may employ known principles does not 
itself establish that the invention would have been obvious, 
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particularly where those principles are employed to deal 
with different problems. [See Lindermann, supra.] The 
Examiner must consider the claim as a whole, and not piece 
together the claimed invention using the claims as a guide. 
The Federal Circuit has stated: "[o]ne cannot use hindsight 
reconstruction to pick and choos'e among isolated disclosures 
in the prior art to deprecate the claimed invention. [See 
In re Fritch, 23 USPQ 2d 1780, 1784 (Fed. Cir. 1992)]. 

The CCPA as stated that the prima facie case requires 
that the reference teachings "appear to have suggested the 
claimed subject matter." [In re Rinehart, 531 F.2d 1048, 
189 USPQ 143, 147 (C.C.P.A. 1976)] The Examiner must show 
why it "would appear" that the references would have been 
combined. Applicant argues that the motivations for 
combining the cited references discussed hereafter are not 
sufficient to meet this requirement. 

"In rejecting claims under 35 U.S.C. § 103, the 
Examiner bears the initial burden of presenting a prima 
facie case of obviousness. See In re Riickaert , 9 F.3d 
1531, 1532, 28 USPQ2d 1955, 1956 (Fed. Cir. 1993) . To reach 
a conclusion of obviousness under § 103, the Examiner must 
produce a factual basis supported by a teaching in a prior 
art reference or shown to be common knowledge of 
unquestionable demonstration. Such evidence is required in 
order to establish a prima facie case. In re Piasecki , 745 
F.2d 1468, 1471-72, 223 USPQ 785, 787-88 (Fed. Cir. 1984). 
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The Examiner must not only identify the elements in the 
prior art, but also show 'some objective teaching in the 
prior art or that knowledge generally available to one of 
ordinary skill in the art would lead the individual to 
combine the relevant teachings of the references." In re 
Fine , 837 F.2d 1071, 1074, 5 USPQ2d 1596, 1598 (Fed. Cir. 
1988)'. ( Ex parte Rao S. Chintakrindi, Thomas E. Murphy, Paul 
F. Rieth and Jeffrey S. Stevens, Non-binding decision of the 
Board of Patent Appeals and Interferences, 9/30/2003 in 
Appeal No. 2001-2578, Application No. 08/977,547 filed 25 
Nov 1997, END919970136US1. ) 

"A rejection under 35 U.S.C. § 103 must be based on 
whether there is a teaching, motivation, or suggestion to 
select and combine the references based on objective 
evidence of record. Therefore, the Examiner must identify a 
reason, suggestion, or motivation which would have led an 
inventor to combine those references. Pro-Mold & Tool Co. 
v. Great Lakes Plastics, Inc. , 75 F.3d 1568, 1573, 37 USPQ2d 
1626, 1629, (Fed. Cir. 1996). Additionally, 'the Board must 
not only assure that the requisite findings are made, based 
on evidence of record, but must also explain the reasoning 
by which the findings are deemed to support the agency's 
conclusion.'" ( Ex parte Rao S. Chintakrindi, Thomas E. 
Murphy, Paul F. Rieth and Jeffrey S. Stevens, Non-binding 
decision of the Board of Patent Appeals and Interferences, 
9/30/2003 in Appeal No. 2001-2578, Application No. 
08/977,547 filed 25 Nov 1997, END91 997 0136US1 . ) 
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In order to find teachings in the art for method and 
structure set forth in the claims, the Examiner selects (1) 
Salas from the collaborative workspace technology, (2) 
Cutler from the ACL security technology, and (3) Maurille 
from the hierarchical data structure technology. 

Referring to (1) collaborative workspace technology, 
(2) ACL security technology, and (3) hierarchical or tree 
data structure technology, the Examiner states: 

"Any combination of these three technologies would have 
been obvious to one skilled in the art in 1999." 
[Emphasis added. Office Action, 10/10/06, page 3.] 

Applicant argues that to read these technologies on 
"any combination", including applicants claims, requires 
impermissible hindsight using applicant's own claim as a 
roadmap,and that is what the Examiner has done. This "any 
combination" statement fails to establish why these 
references "would appear" to have been combined. 

Applicant notes the following critical distinctions 
from each of the references, and from their combination. 
These distinction further establish the conclusion that the 
referenced elements in the combination suggested do not 
teach the claim as a whole. 

Salas does not teach a hierarchical arrangement of 
"rooms", but rather a room (eRoom 24) which has a 
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hierarchical arrangement of objects (pages 27, files 29, and 
database objects 28.) Several eRooms 22 are referenced in 
directory 22 from server database 20, but these are not 
arranged in a hierarchical structure. 

Cutler does not teach, inter alia, that access at any 
level of authority to a subroom is enabled only for those 
authorized to access the root room, together with a third 
access control (readers field) on the forward pointer to 
control whether the link to a child room will be enabled in 
its parent room for a specific user. 

While Maurille does teach forward and reverse pointers, 
Maurille only refers to a data schema including users, not 
rooms in collaboration space . 

Building on these distinctions with respect to the 
references taken individually, applicant traverse their 
combination . 

The Examiner states the motivation to combine the 
Salas, Maurille, and Cutler references at page 10 of the 
Office Action. 

Applicants further contend that these teachings are not 
from a common domain such that teachings may be combined as 
the Examiner asserts. Typical of the Examiner's rationale, 
based on applicant's own disclosure and using the claims as 
a roadmap, for combining these references is the following: 
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"It would have been obvious to one of ordinary 
skill in the art... to modify Salas to operate a 
collaborative workspace for message communications 
between members as taught by Maurille, and to modify 
Salas to enable utilization of standard object oriented 
techniques for collaborative space processing such as 
pointers to objects containing access control lists. 
(ACLs) and controlling access to objects as taught by 
Cutler. ... to employ Maurille in order to optimize 
message processing and display capabilities for a 
networked collaborative communications environment (see 
Maurille col. 6, lines 13-16...), and .to employ Cutler 
in order to efficiently enhance security by providing 
limited visibility of computer resources and protecting 
data integrity (see Cutler, col. 1, lines 47-53...). 

Applicant responds specifically with respect to Maurille 
that the stated motivation ("in order to optimize message 
processing and display capabilities") is irrelevant to 
applicant's claimed combination and would not motivate one 
of ordinary skill in the art in 1999 to combine these 
references to achieve applicant's invention. 'Applicant's 
claims are specific to access control on subrooms in a 
hierarchy of rooms and subrooms within collaboration space, 
and not to message processing and display capabilities, and 
the Examiner provides no proper motivation for combing these 
references to achieve that result. 

The above statement falls short of demonstrating that 
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Salas, Maurille and Cutler teach applicants claims. That 
is, various teachings are drawn from these references in an 
apparent attempt to show* all of the elements of applicant's 
claims, yet they fail to do so at the level of specificity 
set forth in applicants claims, as will be more fully 
explained below. 

Further, these references are in different fields, or 
domains. Specifically, Cutler refers to objects within an 
operating system domain, which is not the same domain as 
collaboration space. Maurille contains no reference to 
rooms in collaboration space. The generic use of access, 
control on objects in an operating system taught by Cutler 
does not map, to those of ordinary skill in the art, to the 
specific claimed configuration of access controls on rooms 
and subrooms which are places within collaboration space 
having access control lists in each room and readers fields 
on forward pointers between rooms. Salas refers to an E- 
room, which. is not the same as applicants collaboration 
space. The Salas E-room is a database with tables on a 
server, but not a plurality of E-rooms. Applicants 
collaboration space does not refer merely to a database on a 
server, but rather' to 'a construct that has a plurality of 
rooms linked in such a way that a quick place (room) 
includes a plurality of quick places (rooms) double linked 
with access control on each parent place, each child place, 
and' each forward pointer linking these places. 



Applicants collaboration space comprises a root place 
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including a plurality of additional places (subrooms) linked 
by the double linked (forward and reverse pointers) 
construct set forth in the claims, with access control on 
the root place, each subroom, and on the .forward pointers 
which, in the specific combination set forth in the claims, 
support increased, decreased, and maintained (the same) 
access to the subroom as that allowed on a parent room, and 
that access at any level of authority to a subroom is 
enabled only for those authorized to access the root room, 
together with a third access control provided on forward 
pointers to control whether the link to a child room will be 
enabled in its parent room for a specific user. 

The Cutler reference is characterized by the Examiner 
as teaching "...the usage of object oriented technology 
utilizing access control list techniques for collaborative 
space management" (Office Action, page 10). Applicants 
agree that Cutler teaches access control on objects in an 
operating system domain, but traverse the suggestion that 
Cutler teaches such for collaborative space management. The 
Examiner refers (Office Action, page 12) to the following 
from Cutler: 

M In addition to visibility control, access to each 
object is controlled through an access control list 
which specifies the processes authorized to access the 
object, and the types of access that are allowed." 
[Cutler, Col. 2, lines 27-30.] 
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"Each object 822 has access control information 
that describes the access rights needed by a user to 
gain access to a resource. The object header 820 
contains the access control information." [Cutler, Col 
22, lines 65-67.] 

"Any process, including the top level process, can 
cause the creation of additional processes, called 
subprocesses or child processes. Any process which 
creates another process is referred to as a parent 
process." [Cutler, Col. 5, lines 21-25.] 

There is no teaching in Cutler, nor in Cutler in 
combination with Salas and Maurille, that a 'second access 
control list is provided for a subroom (each room and 
subroom is a separate quick place in a collaboration domain) 
in a hierarchy of rooms (or quick places) so as to enable 
increased, decreased, and maintained (the same) access to 
the subroom as that allowed by the access control list on 
the parent room, and that access at any level of authority 
to a subroom is enabled only for those authorized to access 
the root room, together with a third access control (readers 
field) on the forward pointer to control whether the link to 
a child room will be enabled in its parent room for a 
specific user. 

In Applicants' invention, an access control list for 
the place in collaboration space (that is, the root place, 
or room) is used for management of security of all sub-rooms 
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within that space. That is, access (as distinguished from 
level of access: reader, manager, etc.) to sub-rooms within 
a place is limited to only those individuals listed in the 
access control list for the place (that is, the highest room 
in the hierarchy) . Thus, Applicants' invention provides a 
restrictive control over who may become a member of the 
various rooms within a place (that is, to whom managers can 
give access to rooms within the place.) This list of people 
is in the place main or root room of the hierarchy of rooms. 
A manager or author can only add to the access control list 
of a room or subroom individuals who are listed in the 
access control list of the root room of the hierarchy. This 
structure is brought out in the following references from 
the specification . 

"Referring again to Figure 6, eight QuickPlace 
extensions 160 are enhancements made to the Domino web 
server 132 in* order to support a QuickPlace 
application. These extensions 160 are enabled only for 
QuickPlace URLS; that is, they are enabled for URLs 
that are targeted against a particular QuickPlace. 
These extensions are: (1) shared design elements, (2) 
database linkage, (3) commands, (4) publish and draft 
model, (5) security and authentication, (6) forms and 
fields, (7) decoration model), and (8) graphics 
server." [Page 56, line 13 to page 57, line 1. Emphasis 
added. ] 



"(2) Database linkage enables the grouping of a 
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number of databases in a hierarchical way. A place is 
a collection of databases, and these need to be 
represented in a parent child relationship. Data notes 
represent the hierarchy to the database. There is. a 
data note in the parent database, and there is a data 
note in the child database. The use of data notes for 
these QuickPlace extensions as a way of representing 
their functionality has the benefit that there are many 
ways of manipulating them, whether it's with Java or 
forms or the Notes designer. [Specification, page 57, 
lines 12-21.] 

"(5) The security and authentication QuickPlace 
extension is consistent with the QuickPlace model, 
which provides three levels of security or roles: 
reader, author, and manager. There exists a member 
directory for each place. What this means is that each 
place has its own set of members that visit it. The 
Domino server is modified to perform local 
authentication against that directory, making places 
very portable, self-contained. And they don't collide 
with other members in other places. A user, having 
control of his own place member directory, set his own 
security for access to that directory. [Page 59, line 
15 to page 60, line 1. Emphasis added.] 

"...a collaborative environment to be set up 
without administrative support, that is by members of 
the team itself, using a familiar and easy to use 
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browser user interface. Members of the ■ team, acting 
with manager or author authority, and using such a 
browser interface without involving administrative or 
application development support, need to be able to set 
up a folder or room for each project element..." 
[Specification, page 5, lines 7-15.' Emphasis added.] 

"A room is created from a default room type 
template, PageLibrary . ntf , which provides indexing 
infrastructure for maintaining the pages in a room, and 
also security and authentication features so that 
access to a room can be limited to a subset of team 
members." [Specification, page 55, line 16 ff. 
Emphasis added.] 

Applicants contend that nowhere does Salas, Maurille, 
or Cutler teach that membership in an access control list 
control on a specific subroom in collaboration space is 
limited to members included in the access control list for 
the collaboration space. Thus, the reference to Col. 13, 
lines 31-34 of Salas states: 

"...each object may be provided with a field or fields 
which identify users that may open, view, and edit the 
object . " 

"Users" is not limited, apparently, to "members", as the 
latter may be identified for- the place as distinguished from 
objects within the place. As noted above, Cutler does not 
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provide this missing element from Salas. 



Applicants invention provides a double linked list for 
linking rooms together in collaboration space, with access 
control list control on rooms and access control list 
control on forward pointers , or child pointers, to child 
rooms . 

This structure is illustrated in Figures 10 and 11 of 
applicants' specification, which are described as follows: 

Referring to Figure 10, QuickPlace rooms 201-204 
and 210 are connected by forward and backward pointers 
205-209 and 211, and these enable the security of each 
room to be independently managed. Each room has its 
. own security; that is, the identity of each user 
allowed to enter the room and that users security 
level : the three levels being reader, author, manager. 
This is held in an access control list which is a part 
of each room. While an individual, say Steve, has 
reader access (R) to the library 204, he can have 
author (A) access to a subroom 211. This enables a 
subroom 211 to have increased/ maintained, or decreased 
access authority for a particular individual with 
respect to its parent room 204. Only individuals with 
access to a parent 204 can access a subroom 210, but 
that subroom 210 can have changed access for the 
subroom 210 for these individuals. Previously, 
security could not be increased in subrooms 210 with 
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respect to a parent room 204. 



A database access control list (ACL) specifies who 
can or cannot access the database. For users who can 
access a database, access levels and roles determine 
the specific actions they can perform -- for example, 
creating or deleting documents. Document access .fields 
(Readers and Authors fields') , in conjunction with the 
database ACL, control who can read or modify specific 
documents. Thus, to limit access to specific documents 
created from a form, a readers field is included. A 
readers field explicitly lists the users who can read 
documents created from the form. If a form has an 
access list, names from the readers field are added to 
the form access list. Otherwise, the readers field 
controls access to documents created from the form. 
Entries in a readers field cannot give a user more 
access than what is specified in the database access 
control list (ACL) ; they can only further restrict 
access. An authors field works in conjunction with 
author access in the database ACL. Listing users in an 
authors field expands access rights by allowing listed 
users to edit documents they create. Entries in an 
authors field cannot override the database access 
control list; they can only refine it. Authors fields 
affect only users who have author access to the 
database . 



Referring to Figure 11, forward pointers 205, 209 
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are secure . Security, in this context provides that 
forward pointer 205 to project A 203 carries the same 
security as that of project A 203, and anyone viewing 
main room 201 who is not entitled to access project A 
203 will not see room 203 listed in parent room. 
QuickPlace does not show a user things or objects to 
which the user does not have access. In past, such 
objects were shown, but were greyed out or otherwise 
managed so that user access was inhibited. Forward 
pointers,- therefore, include room name field 212, 
address to database name field 213, and readers field 
214, which includes a table of user identifiers 215 for 
each user permitted to access the room, with 
corresponding access authority 216 for each such user, 
which may be manager, author, or reader. [Applicants' 
specification, pages 48-50.] 

None of the references cited, taken individually or in 
any combination, teaches this structure of a double linked 
list for linking rooms together in rooms (places) in 
collaboration space with ACL security on each room (place in 
collaboration space) and ACL security (readers fields) on 
forward pointers in the double linked list. 

The Examiner refers (Office Action, page 8) to Salas 
col. 13, lines 32-34 and col. 14, lines 37-39 as teaching a 
"readers field for providing access control list 1 control on 
said forward pointer." [Office Action, page 3.] Applicants 
traverse. This is what Salas teaches: 
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"For example, each object may be provided with a field 
or fields which identify users that may open, view, and 
edit the object." [Salas, Col 13, lines 32-34.] 

"Since every file and eRoom item is represented as an 
object in the database, access of users to each item 
can be controlled by entries in the database schema. 
For example, every eRoom may be represented by a table 
which has as one or more of its fields, a list of 
members that are entitled to enter the eRoom." [Salas, 
Col. 14, lines 37-42.] 

Applicants assert that there is no teaching here of an 
access control list, or readers field, on a specific forward 
pointer from a parent room to a child room, which ACL or 
readers field is distinct from the ACL for either the parent 
or child room. 

Applicants structure of access control elements 
provides a readers field as part of the pointer which is 
distinct from the ACL on either the parent or the child 
room, and is an ACL control on the pointer itself used to 
specify whether a pointer to a child room (place) is enabled 
in its parent room (place) . 

Cutler teaches access control on objects generically, 
but does not teach using such on forward pointers between 
rooms in collaboration space, as previously stated. 
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The Examiner refers to Maurille as teaching forward 
pointers identifying a child room, but is silent as to the 
existence of an ACL control on that pointer [Maurille, Col. 
6, lines 44-57] . However, applicants note, Maurille has no 
teaching of "room" entities, and only refers to a data 
schema including users, not rooms in collaboration space. 

Thus, neither Salas nor Maurille nor Cutler disclose or 
teach this aspect of the claims. That is, applicant argues, 
the combination of Cutler, Salas and Maurille does not teach 
ACL control specific to forward pointers in the hierarchical 
structure of rooms in collaboration space in addition to ACL 
control on the parent and child rooms within that space. 

That Salas does not teach a double linked list with ACL 
security on forward pointers in addition to ACL security on 
the rooms is apparent from examination of Salas Figure 1, 
which does not show forward and reverse pointers between 
rooms. In Salas, there is no teaching of forward and 
reverse pointers linking rooms with ACL security on those 
forward pointers , as distinguished from and in addition to 
security on the rooms. While Maurille may disclose forward 
and reverse pointers, none of Cutler, Maurille or Salas 
teach ACL security on the forward pointers. Cutler's 
generic teaching of ACL on objects in an operating system 
domain does not teach the specific configuration of ACL 
controls on rooms and pointers within a collaboration space 
domain . 
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Maurille is cited by the Examiner as teaching databases 
and pointers linking them, and Applicants agree that such is 
taught. Cutler is cited by the Examiner as teaching access 
control lists, and Applicants agree, that such is taught. 
Applicants do not claim they invented forward and reverse 
pointers between objects in a hierarchy, nor are they 
claiming they invented access control lists. Rather, 
Applicants invented a hierarchy of rooms to create a 
collaboration space with a specific protocol of access 
control lists, including ACL lists on rooms and additional 
ACL control specifically on forward pointers used for 
management of security of rooms within that collaboration 
space. Neither Maurille, Cutler, nor Salas, taken 
separately or in combination, teach that protocol. 

Rejection of Claims 1 and 2 Under 35 U.S.C. 103 

The discussion above of claims 3-7, 9, 13 and 15, 
applies equally to claim 1. 

The primary distinction in claim 1 with respect to the 
claims previously discussed is the provision for "a document 
readers field for a document containing data in said subroom 
being a members object for identifying a subset of members 
of said place authorized to access a subroom who are also 
authorized to access said document," as is described at page 
49, lines 1-18 of the specification. 
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The Examiner cites Salas, col. 13, lines 32-34. 
Applicant concurs. Consequently, claims 1 and 2 will stand 
with claims 3-7, 9, 13, and 15 on the distinctions 
previously discussed. 

Rejection of Claim 10 Under 35 U.S.C. 103 

Claim 10 varies from the claims previously discussed in 
that it is directed to the creation of a child room. This 
includes initially providing in a readers access field (195) 
for a child room created from a form. those users identified 
in a- form access list identifying users authorized to read 
rooms (such as 202) created from that form (page 49, lines 
3-9) ; and limiting reader access in the readers access field 
(195, for subroom 210) to the child room (210) for a 
specific user to no more than the access granted that 
specific user in the first access control list (195, for 
main room 201) (page 49, lines 9-12) . 

On this point, the Examiner refers (Office Action, page 
21) to Salas, col. 13, lines 32-34 and col. 14, lines 37-39, 
quoted above. 

Applicant argues that there is no teaching in these 
references to Salas, or elsewhere in any of the references-, 
of the feature here being claimed. • That is, creating a . room 
from a form, which form has an associated ■ form access list 
identifying those users authorized to access a room created 
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from that form, in combination with the other limitation of 
the claims including, specifically, the readers field on 
forward pointers linking to and from the room created from 
that form, as previously discussed. 

Rejection of Claim 3 Under 35 U.S.C. 103 

Claim 3 varies from claims 9, 13, and 15 by not 
specifically reciting the displaying of a parent room, which 
limitation is included in its dependent claim 7, and by a 
more precise rendition that the ACL on a child room can only 
included users identified as authorized to enter the root 
place . 

The most relevant distinctions in claim 3 with respect 
to the Salas, Maurille, and Cutler references are those 
previously discussed with respect to claims 9, 13, and 15, 
so claim 3 and its dependent claims 4-7 stand with them. 

Request 

Applicant requests that the Board reverse the decision 
of the Examiner to reject claims 1-7, 9-10, 13, 15. 
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(10) CLAIMS APPENDIX 



1 1. A collaboration space created as a web site by a user 

2 at a browser including a plurality of rooms in a 

3 hierarchical structure with access control list control on 

4 rooms and access control list control on forward pointers to 

5 child rooms, comprising: 

6 said web site including a place comprising a plurality 

7 of subrooms, each subroom being an independent entity 

8 belonging to said place, 

9 said place having a first data note including a 
10 directory of members of said place and 



each subroom within said place having. a data note 
associated therewith containing an access control 
list of members selected exclusively from said 
directory of members by a member of said place 
having manager authority with respect to said 
subroom for specifying users of said place 
authorized to access said subroom; 



18 forward and reverse pointers for linking said subrooms, 

19 each said forward pointer to a child room including 

20 indicia identifying said child room, indicia specifying 

21 the address location of the entity forming said child 
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11 
12 
13 
14 
15 
16 
17 



22 room, and a readers field for providing access control 

23 list control on said forward pointer; 

24 said readers field being a members object for 

25 identifying those members of said subset of members of 
26i said place authorized to access a parent subroom that 

27 are also authorized to access a child subroom and for 

28 each member of said subset of members a level of 

29 authorization; 

30 a document readers field for a document containing data 

31 in said subroom being a members object for identifying 

32 a subset of members of said place authorized to access 

33 a subroom who are also authorized to access said 

34 document; and 

35 said collaboration space comprising a hierarchy of 

36 rooms, each room being a place in collaboration space 

37 including said directory of members; said directory of 

38 members, said access control list of members, and said 

39 readers' field selectively providing increased, 

40 decreased, and maintained access to a child place in 

41 collaboration space, with access at any level of 

42 authority to a child place enabled only for those 

43 authorized to access a corresponding parent place, and 

44 whether a link to a child place will be enabled for a 

45 specific user in its corresponding parent place. 



1 2. The collaboration space of claim 1, said levels of 
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authorization including manager, author, and reader. 



1 3. A collaboration space created as a web site by a user 

2 at a browser, comprising: 

3 a place comprising a plurality of rooms in a 

4 hierarchical structure linked by forward and backward 

5 pointers; 

6 a member directory for said place identifying users 

7 authorized to enter said place; 

8 each said room comprising one or more pages, and for 

9 each said room a members object for identifying a 

10 subset of members of said place authorized to access 

11 said room and for each -member a level of authorization, 

12 each member of said subset of members being a user 

13 authorized in said member directory to enter said 

14 place; 

15 said rooms including a parent room and a child room, 

16 and said pointers comprising forward and backward 

17 pointers for enabling the security of each said room to 

18 be independently managed, said forward pointers 

19 including indicia identifying said child room, indicia 

20 specifying the address location of the database' forming 

2 1 ■ said child room, and a readers field for providing 

22 access control list control on said forward pointer, 

23 said readers field for identifying those members of 
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24 said subset of members of said place authorized to 

25 access a parent room that are also authorized to access 
2 6 a child room; and 

27 ' said collaboration space comprising a hierarchy of 

28 rooms , each room being a place in collaboration space 

29 including a member directory; said member directory, 
30- said members object, and said readers field selectively 

31 providing increased, decreased, and maintained access 

32 to a child place in collaboration space, with access at 

33 any level of authority to a child place enabled only 

34 for those authorized to access a corresponding parent 

35 place, and whether a link to a child place will be 

36 enabled for a specific user in its corresponding parent 

37 place. 

1 4. The collaboration space of claim 3, said readers field 

2 including an access authority for each reader authorized to 

3 enter said room selectively as manager, author or manager. 



]. 5. The collaboration space of claim 3, each said forward 

2 pointer being a secure pointer by carrying the same level of 

3 security as the child room to which it points. 

]. 6. The collaboration space of claim 5, each said forward 

' 2 pointer carrying in said readers field the 'same security as 

3 that of the subroom to which- it points . 
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1 7. The collaboration space of claim 6, further comprising 

2 a display for presenting to a specific u'ser viewing a parent 

3 room a listing of its subrooms, said listing including for 

4 said specific user only those subrooms for which said 

5 readers field in said forward pointer includes an entry 

6 authorizing access by said specific user. 

1 8. [Canceled] 

2 9. A method for controlling access to rooms within a 

3 collaboration place created as a web site by a user at a 

4 browser, comprising the steps of: 

5 maintaining for said collaboration place an access 

6 control list identifying those users authorized to 

7 enter said place; 

8 providing forward and reverse pointers linking said 

9 rooms in a hierarchical structure within said place, 

10 said forward pointers including indicia identifying a 

11 child room, indicia specifying the address location of 

12 the database forming said child room, and a readers 

13 field for providing access control list control on said 

14 forward pointer, said readers field exclusively 

15 specifying a subset of said users authorized to enter 

16 said place; 
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displaying a parent room to a specific user, said 
parent room including a list of children rooms for 
which said readers fields on said forward pointers 
authorize said specific user access; and 

said collaboration space comprising a hierarchy of 
rooms, each room being a place in collaboration space 
including an access control list; said access control 
list and said readers field on forward links from a 
parent place to a child place selectively providing 
increased, decreased, and maintained access to said 
child place in collaboration space, with access at any 
level of authority to said child place enabled only for 
those authorized to access a corresponding parent 
place, and whether a link to a child place will be 
enabled for a specific user in its corresponding parent 
place . 

10. A method for creating a child room within a 
collaboration place data base created as a web site by a 
user at a browser, comprising the steps of: 

providing for said collaboration place data base a 
first access control list identifying users authorized 
to access said data base; 

providing for said child room a back pointer to a 
parent room; and 
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9 providing at said parent room for said child room a 

10 forward pointer from said parent room to said child 

11 room, said pointer including indicia identifying said 

12 child room, indicia specifying the address location of 

13 the database forming said child room, and a readers 

14 access field listing a subset of users in said first 

15 access control list who are users authorized to access 
161 said child room for providing a second access control 

17 list specific to said forward pointer; 

18 initially including in said readers access field for a 

19 child room created from a form users identified in a 

20 form access list identifying users authorized to read 

21 rooms created from said form; 

22 limiting reader access in said readers access field to 

23 said child room for a specific user to no more than the 

24 access granted said specific user in said first access 

25 control list; and 



said collaboration space comprising a hierarchy of 
rooms, each room being a place in collaboration space 
including an access control list; said access control 
list and said readers access field on forward links 
from a parent place to a child place selectively 
providing' increased, decreased, and maintained access 
to said child place in collaboration space, with access 
at any level of authority to said child place enabled 
only for those authorized to access a corresponding 
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27 
28 
2 9 
30 
31 
32 
33 
34 



35 
36 
37 



parent place, and whether a link to a child place will 
be enabled for a specific user in its corresponding 
parent place. 



11 . [Canceled] 

12 . [Canceled] 



1 13. A program storage device readable by a machine, 

2 tangibly embodying a program of instructions executable by a 

3 machine to perform method steps for controlling access to 

4 rooms within a collaboration place created as a web site by 

5 a user at a browser, said method steps comprising: 

6 maintaining for said collaboration place a first access 

7 control list identifying those users authorized to 

8 enter said place; 

9 providing forward and reverse pointers linking said 

10 rooms within said place, said forward pointers 

11 including indicia identifying a child room, indicia 

12 specifying the address location of the database forming 

13 said child room, and a second access control list 

14 including a readers field specifying each user having 

15 manager, author, and reader access to said child room, 

16 said readers field exclusively specifying a subset of 

17 said users authorized to enter said place; [[and]] 

18 displaying a parent room to a specific user, said 
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19 parent room including a list of children rooms for 

20 which said readers fields on said forward pointers 
•21 authorize said specific user access; and 

22 said collaboration space comprising a hierarchy of 

23 rooms, each room being a place in collaboration space 

24 including an access control list; said first access 

25 control list, and second access control lists on 

26» forward links from a parent place to a child place, 

27 selectively providing increased, decreased, and 

28 maintained access to said child place in collaboration 

29 space, with access at any level of authority to said 

30 child place enabled only for those authorized to access 

31 a corresponding parent place, and whether a link to a 

32 child place will be enabled for a specific user in its 

33 corresponding parent place. 

1 14. [Canceled] 

1 15. A computer program product for controlling access to 

2 rooms within a collaboration place created as a web site by 

3 a user at a browser, comprising: 

4 a computer readable medium; 

5 first program instructions for maintaining for said 

6 collaboration a first access control list identifying 
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7 those users authorized to enter said place; 

8 second program instructions for providing- in a parent 

9 room second access control list identifying a subset of 

10 those user authorized to enter said place who are also 

11 authorized to enter said parent room with manager, 

12 author, or user access; 

13 third program instructions for providing forward and 

14 reverse pointers linking said parent room with a child 

15 room in a double-linked list within said place, said 
1G forward pointers having a readers field providing a 

17 third access control list on said forward pointer, said 

18 third access control list providing access to said 

19 ' 1 child room for those members who are included in said 

20 second access control list who are also authorized to 
'21 access said child room; 

22 • fourth program instructions for 'displaying a parent 

23 room to a specific user, said parent room including on 

24 said forward pointers a list of children rooms for 

25 which said readers fields authorize ' said specific user 
2 6 access; 

27 fifth program instructions establishing said 

28 collaboration space as comprising a hierarchy of rooms, 

29 each room being a place in collaboration .space 

30 including an access control list; said first access 

31 control list, said second access control list, and said 
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32 third access control list selectively providing 

33 increased, decreased, and maintained access to said 

34 child place in collaboration space, with access at any 
3b level of authority to said child place enabled only for 

36 those authorized to access a corresponding parent 

37 place, and whether a link to a child place will be 

38 enabled for a specific user in its corresponding parent 

39 place; and wherein 

40 said first, second, third, fourth, and fifth program 

41 instructions are recorded on said computer readable 
42. medium. 
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(11) EVIDENCE APPENDIX 



None. (Apparently the declaration submitted 8 Jul 

2006 has not been entered by the Examiner.) 

(12) RELATED PROCEEDINGS APPENDIX 

None. 
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